Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for the temporary database user that is created when tests are run against an Oracle database. This makes it easier for remote attackers to obtain access to the database server when no password has been manually specified in the TEST dictionary of the database settings; on affected versions, setting a password there explicitly keeps the hardcoded value from being used.
{
"unresolved_ranges": [
{
"cpe": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"extracted_events": [
{
"last_affected": "12.04"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"extracted_events": [
{
"last_affected": "14.04"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"extracted_events": [
{
"last_affected": "16.04"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "16.10"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "24"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "25"
}
],
"source": "CPE_FIELD"
}
]
}{
"cpe": [
"cpe:2.3:a:djangoproject:django:1.10:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*",
"cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.10"
},
{
"last_affected": "1.10.1"
},
{
"last_affected": "1.10.2"
},
{
"last_affected": "1.9"
},
{
"last_affected": "1.9.1"
},
{
"last_affected": "1.9.2"
},
{
"last_affected": "1.9.3"
},
{
"last_affected": "1.9.4"
},
{
"last_affected": "1.9.5"
},
{
"last_affected": "1.9.6"
},
{
"last_affected": "1.9.7"
},
{
"last_affected": "1.9.8"
},
{
"last_affected": "1.9.9"
},
{
"last_affected": "1.9.10"
},
{
"last_affected": "1.8"
},
{
"last_affected": "1.8.1"
},
{
"last_affected": "1.8.2"
},
{
"last_affected": "1.8.3"
},
{
"last_affected": "1.8.4"
},
{
"last_affected": "1.8.5"
},
{
"last_affected": "1.8.6"
},
{
"last_affected": "1.8.7"
},
{
"last_affected": "1.8.8"
},
{
"last_affected": "1.8.9"
},
{
"last_affected": "1.8.10"
},
{
"last_affected": "1.8.11"
},
{
"last_affected": "1.8.12"
},
{
"last_affected": "1.8.13"
},
{
"last_affected": "1.8.14"
},
{
"last_affected": "1.8.15"
}
],
"source": "CPE_FIELD"
}